base64: invalid input due to newlines in PGP_SECRET

[armanbilge]

This came up in erikerlandson/coulomb#235. I've actually encountered it myself before and I think the behavior is different across OSes.

H/t to @erikerlandson for proposing two good solutions:

1. update sbt-typelevel quickstart to say gpg --armor --export-secret-keys $LONG_ID | base64 -w0 (i.e. tell base64 to not split the output into lines)
   or
2. change the github action to use base64 -di, to ignore the newlines

In erikerlandson/coulomb#235 I suggested we could apply both, but I'm not sure what the cross-OS support is for the -w0 flag for base64 suggested in (1).

However, since publish jobs are (effectively) always run from ubuntu, solution (2) should be robust.

[armanbilge]

Yeah, macOS doesn't support the -w flag.

https://stackoverflow.com/questions/46463027/base64-doesnt-have-w-option-in-mac

So solution (2) would be better.

However, since publish jobs are (effectively) always run from ubuntu

I think this is a reasonable requirement of sbt-typelevel. This doesn't preclude cross-OS builds or OS-specific artifacts. All it means is that the publish job which downloads the intermediate artifacts and uploads them to sonatype must run on ubuntu.

Edit: it's also worth noting that all the PGP-related shell trickery might very well be tied to ubuntu anyway.

[erikerlandson]

it seems reasonable to assume/require that publish runs on some flavor of linux container 👍

[armanbilge]

Unfortunately the -i flag means something different on macOS 😕

However, since publish jobs are (effectively) always run from ubuntu, solution (2) should be robust.

it seems reasonable to assume/require that publish runs on some flavor of linux container 👍

Finally someone needed to publish from macOS 😅

• Glorious hack to fix publishing key import on macOS runners #648